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DETAILED ACTION 



1 . Claims 1-37 are presented for examination. 

Dramngs 

2, The drawings are objected to because parts of Figure 2 exceeded the right margin and 
have therefore been cut off Figures 3, 10, and 14 are also objected to as being illegible. Figures 
3,10, and 14 appear to dark to distinguish any parts or features of the instant invention. 
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office 
action to avoid abandonment of the application. Any amended replacement drawing sheet should 
include all of the figures appearing on the immediate prior version of the sheet, even if only one 
figure is being amended. The figure or figure number of an amended drawing should not be 
labeled as "amended." If a drawing figure is to be canceled, the appropriate figure must be 
removed from the replacement sheet, and where necessary, the remaining figures must be 
renumbered and appropriate changes made to the brief description of the several views of the 
drawings for consistency. Additional replacement sheets may be necessary to show the 
renumbering of the remaining figures. The replacement sheet(s) should be labeled "Replacement 
Sheet" in the page header (as per 37 CFR 1 .84(c)) so as not to obstruct any portion of the 
drawing figures. If the changes are not accepted by the examiner, the applicant will be notified 
and informed of any required corrective action in the next Office action. The objection to the 
drawings will not be held in abeyance. 
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Specification 

3. The disclosure is objected to because it contains an embedded hyperlink and/or other 
form of browser-executable code. Applicant is required to delete the embedded hyperlink and/or 
other form of browser-executable code. See MPEP § 608.01. 

4. The attempt to incorporate subject matter into this application by reference to co-pending 
applications is improper because there are no serial numbers provided and the status of the co- 
pending applications is not given. 

5. The use of the trademarks Windows, Java, Microsoft, and Netscape has been noted in this 
application. It should be capitalized wherever it appears and be accompanied by the generic 
terminology. 

6 Although the use of trademarks is permissible in patent applications, the proprietary 
nature of the marks should be respected and every effort made to prevent their use in any manner 
which might adversely affect their validity as trademarks. 

Claim Rejections - 35 USC §101 
7. As per claims 17-20, 26, 27, 30, 35, and 36 merely claimed as a computer program 
representing a computer listing per se, that is, descriptions or expressions of such a program and 
that is, descriptive material per se, non-fimctional descriptive material, and is not statutory 
because it is not a physical "thing" nor a statutory process, as there are not "acts" being 
performed. Such claimed computer programs do not define any structural and functional 
interrelationships between the computer program and other claimed aspects of the invention 
which permit the computer program's functionality to be realized. Since a computer program is 
merely a set of instructions capable of being executed by a computer, the program itself is not a 
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process, without the computer-readable medium needed to reahze the computer program's 
functionality. In contrast, a claimed computer-readable medium encoded with a computer 
program defines structural and functional interrelationships between the computer program and 
the medium which permit the computer program's functionality to be realized, and is thus 
statutory. Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760. In re Sarkar, 588 F.2d 1330, 
1333, 200 USPQ 132, 137 (CCPA 1978). See MPEP § 2106(IV)(B)(l)(a). 

Claim Rejections - 35 USC§112 

8. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

9. Claims 18-21 recites the limitation "wherein the filter engine is adapted to return an 
object to the servlet " (Emphasis added). There is insufficient antecedent basis for this limitation 
in the claim. 

1 0. Claims 19, 27, 30, and 36 are rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Although the claims are interpreted in light of the 
specification, limitations from the specification are not read into the claims. See In re Van 
Gems, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). Thus claiming methods which are not 
clearly defined in the claim language render the claims indefinite. 

1 1 . Claim 22 recites the limitafion "wherein if the integer value indicates that a signature is 
required on data in the HTTP request then the Internet server application stores a state of the 
filter engine in a cookie and causes a Web page containing the cookie and an instruction to sign 
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the data to be transmitted to the Web browser" (Emphasis added). There is insufficient 
antecedent basis for this limitation in the claim. 

12. Claim 28 contains the trademark/trade name Java. Where a trademark or trade name is 
used in a claim as a limitation to identify or describe a particular material or product, the claim 
does not comply with the requirements of 35 U.S.C. 112, second paragraph. See Ex parte 
Simpson, 218 USPQ 1020 (Bd. App. 1982). The claim scope is uncertain since the trademark or 
trade name cannot be used properly to identify any particular material or product. A trademark 
or trade name is used to identify a source of goods, and not the goods themselves. Thus, a 
trademark or trade name does not identify or describe the goods associated with the trademark or 
trade name. In the present case, the trademark/trade name is used to identify/describe an object 
oriented computer programming language and, accordingly, the identification/description is 
indefinite. 

13. Claim 30 recites the limitation "wherein the rules class comprises the following methods: 
a getMode method, a getService method, a readRules method, a rulesMatch method, and a 
validateRules method " (Emphasis added). There is insufficient antecedent basis for this 
limitation in the claim. 

14. Claims 3 1-35 recites the limitation "wherein the bank interface . . ." (Emphasis added). 
There is insufficient antecedent basis for this limitation in the claim. 

15. Claim 36 recites the limitation "wherein the public class object comprises a 
createOCSPRequest method, a getCertificatelD method, a getCertStatus method, a 
getCertsVerifyMessage method, a getURL method, an isResponseSuccessful method, a 
logAndBuildRetumObject method, a processOCSP method, a sendAndReceiveMessage method, 
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a serviceRequest method, and a verifyResponseSignature method" (Emphasis added). There is 
insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC §102 

16. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

1 7. Claim 37 is rejected under 35 U.S.C. 102(e) as being anticipated by U.S. Patent No. 
6,675,153 to Cook et al., hereinafter Cook. 

1 8. As per claim 37, Cook teaches a system for integrating a seller's Web site with a public 
key infrastructure, comprising: 

a Web server, see figures 1, blocks 106, 108, 3, blocks 106, 108, see also column 4, lines 
42-46, column 5, lines 11-31; 

a Web application connected to the Web server, the Web application adapted to identify 
HTTP requests that include data requiring signature and to create a Web page for transmission to 
a browser that will cause the browser to invoke a signing interface to sign the data, see figure 2, 
blocks 1 14, 1 18, see column 1, line 62 to column 2, line 6, column 5, lines 11-31, column 6, 
lines 17-28; 

the Web application further adapted to identify HTTP requests that require a service 
provided by an entity other than the seller, see figures 1, block 108, 3, block 108, as well as 
column 3, lines 7-15; and 
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a bank interface adapted to receive a request for service from the Web application, format 
and transmit the request, receive a response to the request, and forward the response to the Web 
appHcation, see figure 1, blocks 102, 104, 3 blocks 102, 104, as well as colunrn 4, lines 56-64, 
column 9, line 23 to column 10, line 8. 

Claim Rejections - 35 USC § 103 

19. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

20. Claims 1- 3, 5-9, 20, 21, 23-25, 28, 29, and 31-34 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over SET as taught by U.S. Patent No. 6,327,578 to Linehan, hereinafter 
referred to as SET, in view of U.S. Patent No. 5,717,989 to TozzoU et al., hereinafter Tozzoli. 

21. As per claim 1, SET teaches a system for integrating a seller's Web site with a public key 
infrastructure, the Web site comprising a Web server and a Web application, the public key 
infrastructure comprising a buyer computer comprising a Web browser adapted to invoke a 
signing interface to digitally sign electronic messages, the public key infrastructure further 
comprising a seller's bank computer system adapted to receive service requests from the seller 
and respond to those requests with digitally signed service responses; the system comprising: 

redirecting HTTP requests received from the Web browser, see figure 1, see also column 
3, lines 15-23, i.e. while on the internet, "the merchant's computer 104 forwards the consumer's 
payment request over internet path 122 during a second step to an acquirer gateway 106 
operating on behalf of the acquirer bank 108"; 
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an Internet server application adapted to receive a redirected HTTP request and process 
the redirected HTTP request, see figure 1, see also column 3, lines 23-32, i.e. "The acquirer 
gateway 106 passes the consumer's payment request to the acquirer bank 108 over a private 
network path 122'. The acquirer bank 108 sends the consumer's payment request to the card 
issuing bank 112 over the private network path 124 to check whether the consumer's credit or 
debit card account is active and sufficient for the proposed transaction with the merchant. The 
issuing bank 112, as the card issuer, authorizes the transaction in a message sent over the private 
path 126 to the acquiring bank 108, The acquiring bank 108 sends the transaction authorization 
over private path 128' to the acquirer gateway 106, signing the message with the acquiring 
bank's digital signature"; 

receiving the processed HTTP request and identify an HTTP request that contains data 
requiring signature by the buyer, see figure 1 and column 3, lines 32-39, i.e. "The acquirer 
gateway 106 forwards it over the internet path 128 to the merchant, authorizing from the 
merchant to proceed with the transaction. Once the merchant has received the transaction 
authorization from the acquirer gateway 106, the merchant completes the sales transaction with 
the consumer." 

22. SET does not disclose the use of a filter or filter engine. 

23. Tozzoli discusses the use of filtering when processing transactions over the Internet. It 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
include filtering, since Tozzoli discloses in column 11, lines 52-57 that such a modification 
allows the merchant to verify and access data fields quickly and process the order accurately. 
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24. Regarding claim 2, SET discloses a bank interface adapted to receive the request and 
transmitting the request to the seller's bank in figure 1, blocks 106, 122', and 142', as well as 
column 3, lines 13-47. 

25. Tozzoli discloses the filter engine and reformatting the request in figures 3a-3c, column 
7, line 42 to column 8, line 3, column 11, lines 52-58, and column 12, line 64 to column 13, line 
4. 

26. With regards to claim 3, SET teaches wherein the bank interface is further adapted to 
receive a service response to the request from the seller's bank and forward the response to the 
filter engine, see figure 1, as well as column 3, Hnes 13-47. 

27. Regarding claim 5, Tozzoli teaches a second Web server adapted to parse requests 
redirected by the filter, see figure 5, as well as column 7, line 53 to column 8, line 12. 

28. Regarding claim 6, SET teaches wherein services provided by the seller's bank are 
provided within the context of a four-comer model, see figure 1. 

29. With regards to claim 7, SET teaches wherein the four-comer model comprises the buyer, 
the seller, the seller's bank, and a buyer's bank, see figure 1, where the buyer is the consumer, 
block 102, the seller is the merchant, block 104, the seller's bank is the acquiring bank, block 
108, and the buyer's bank is the issuing bank, block 1 12. 
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30. Regarding claim 8, neither SET nor Tozzoli disclose wherein the filter is implemented 
using ISAPL 

31. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to implement the filter using ISAPI, since it has been held that ISAPI is an easy-to- 
use, high performance interface for back-end applications and has significant performance 
advantages over the CGI specification, such as having its own dynamic-link library. 

32. Regarding claim 9, SET teaches wherein the Internet service application is adapted to 
generate HTTP responses based on data received from the filter engine, see column 3, lines 13- 
47. 

33. Regarding claim 20, SET teaches wherein the filter engine is adapted to return an object 
to the servlet, see column 3, lines 28-36. 

34. With regards to claim 21, SET teaches wherein the object comprises an integer value 
indicating one of four conditions: that a signature is required on data in the HTTP request, that a 
response has been received from the seller's bank concerning a service request, that the HTTP 
request has been passed through to the Web application, or that an error occurred, see column 3, 
lines 28-47. 

35. Regarding claim 23, Tozzoli and SET do not teach wherein the filter engine determines 
whether an HTTP request contains data requiring signature by applying filtering rules. 
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36. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine determine if the data required a signature, since SET discloses 
at column 3, lines 62-47 that such a modification would ensure that the transaction was 
authorized by the appropriate user. 

37. Regarding claim 24, Tozzoli and SET do not teach wherein the filter engine is 
programmed to recognize each HTTP request that includes data requiring signature. 

38. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine recognize that the data has a digital signature, since SET 
discloses at column 3, lines 62-47 that such a modification would ensure that the transaction was 
authorized by the appropriate user. 

39. Regarding claim 25, Tozzoli and SET do not teach wherein the filter engine is 
programmed to recognize HTTP requests transmitted by the Web browser that have been 
modified to include a special tag that indicates whether the request includes data that requires 
signature. 

40. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to have the filter engine recognize special tags that indicate the request for a digital 
signature, since SET discloses at column 3, lines 62-47 that such a modification would ensure 
that the transaction was authorized by the appropriate user. 
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41 . Regarding claim 28, neither SET nor Tozzoli teach wherein the filter engine provides an 
abstracted front-end interface via Java remote method invocation. 

42. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made for the filter to comprise of an abstracted front-end, since it has been held that an 
abstracted front-end is an easy-to-use, high performance interface for linking to back-end 
applications. 

43. Regarding claim 29, Tozzoli teaches wherein the filter engine employs a rules class, see 
column 1 1, line 52 to column 12, line 11. 

44. Regarding claim 3 1 , neither SET nor Tozzoli teach wherein the bank interface is 
designed with a plug-in based architecture. 

45. Linehan discloses wherein the bank interface is designed with a plug-in based 
architecture. It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to design the bank interface with a plug-in based architecture, since Linehan 
discloses at column 9, lines 3-28 that such a modification would allow the bank to operate with 
foreign consumers. 

46. Regarding claim 32, SET and Tozzoli do not teach wherein the bank interface supports 
an abstract front-end interface to allow communication via a plurality of middleware 
technologies. 
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47. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made for the filter to comprise of an abstracted front-end, since it has been held that an 
abstracted front-end is an easy-to-use, high performance interface for interacting with 
middleware from a plurality of vendors. 

48. Regarding claim 33, SET teaches wherein the bank interface is adapted to create and 
transmit OCSP requests, see column 3, lines 25-47. 

49. Regarding claim 34, SET teaches wherein the bank interface comprises a certificate 
status check module, see column 3, lines 25-47. 

50. Claims 4 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over SET in 
view of Tozzoli as applied to claim 2 above, and further in view of Linehan. 

5 1 . With regards to claim 4, SET does not disclose wherein the service is certificate 
validation. 

52. Linehan discloses certificate validation. It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to include certificate validation, since Linehan 
states at column 4, lines 23-44 that such a modification would serve to validate that the payment 
was authorized by the card holder. 

53. Regarding claim 22, neither SET nor Tozzoli disclose wherein if the integer value 
indicates that a signature is required on data in the HTTP request then the Internet server 
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application stores a state of the filter engine in a cookie and causes a Web page containing the 
cookie and an instruction to sign the data to be transmitted to the Web browser. 

54. Linehan teaches wherein if the integer value indicates that a signature is required on data 
in the HTTP request then the Internet server application stores a state of the filter engine in a 
cookie and causes a Web page containing the cookie and an instruction to sign the data to be 
transmitted to the Web browser. It would have been obvious to one of ordinary skill in the art at 
the time the invention was made to store the state of the system to send an indication that the 
data has to be signed, since Linehan discloses at column 4, lines 9-44 that such a modification 
would limit the number of unauthorized transactions. 

55. Claims 10-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over SET in 
view of Tozzoli as applied to claim 1 above, and further in view of U.S. Patent No. 6,052,785 to 
Lin et al., hereinafter Lin. 

56. Regarding claim 10, neither SET nor Tozzoli disclose wherein the Internet server 
application is adapted to pass a hash table to the filter engine. 

57. Lin teaches wherein the Internet server application is adapted to pass a hash table to the 
fiher engine. It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have the server application pass a hash table to the filter engine, since Lin 
discloses at column 8, lines 43-56 that such a modification supports authentication, which is 
necessary to prevent fi-audulent transactions. 
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58. With regards to claim 11, Lin teaches wherein the hash table comprises the headers from 
the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

59. With regards to claim 12, Lin teaches wherein the hash table comprises the method of the 
redirected HTTP request, see figure 3, as well as column 8, Hne 51 to column 9, line 17. 

60. With regards to claim 13, Lin teaches wherein the hash table comprises the content-type 
of the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

61 . With regards to claim 14, Lin teaches wherein the hash table comprises the buyer 
computer's IP address, see figure 3, as well as column 8, line 51 to column 9, line 17. 

62. With regards to claim 15, Lin teaches wherein the hash table comprises the actual data in 
the redirected HTTP request, see figure 3, as well as column 8, line 51 to column 9, line 17. 

63. With regards to claim 16, Lin teaches wherein the hash table comprises a unique session 
ID, see figure 3, as well as column 8, line 51 to column 9, line 17. 

Claim Objections 

64. Claims 18 and 19 are objected to under 37 CFR 1.75(c), as being of improper dependent 
form for failing to further limit the subject matter of a previous claim. Applicant is required to 
cancel the claim(s), or amend the claim(s) to place the claim(s) in proper dependent form, or 
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rewrite the claim(s) in independent form. Dependent claims should refer to preceding claim. 
See MPEP§ 608.01. 

Remarks 

65. The Applicant is reminded that the recitation of limitations in the preamble has not been 
given patentable weight. A preamble is generally not accorded any patentable weight where it 
merely recites the purpose of a process or the intended use of a structure, and where the body of 
the claim does not depend on the preamble for completeness but, instead, the process steps or 
structural limitations are able to stand alone. See In re Hirao, 535 F.2d 67, 190 USPQ 15 
(CCPA 1976) and Kropa v. Robie, 187 F.2d 150, 152, 88 USPQ 478, 481 (CCPA 1951). 

Conclusion 

65. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

66. The following patents are cited to further show the state of the art with respect to secure 
electronic transactions, such as: 

United States Patent No. 6,763,459 to Corella, which is cited to show a public key 
infrastructure that includes an off-line registration authority that comprises a hash table. 

United States Patent No. 6,601,759 to Fife et al., which is cited to show providing 
feedback in an interactive payment system. 

United States Patent No. 6,105,012 to Chang et al., which is cited to show a financial 
transaction processing system including one financial server connected through a public network 
to a number of users. 
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United States Patent No. 6,125,352 to Franklin et al., which is cited to show conducting 
commerce over a distributed network. 

United States Patent No. 6,003,765 to Okamoto, which is cited to show implementing an 
electronic cash system with a surveillance institution. 

United States Patent No. 6,081,790 to Rosen, which is cited to show secure presentment 
and payment over open networks. 

United States Patent No. 6,363,365 to Kou, which is cited to show secure bidding over an 
open network. 

United States Patent No. 6,71 1,679 to Guski et al, which is cited to show public key 
infrastructure delegation. 

United States Patent No. 5,850,442 to Muftic, which is cited to show secure commerce 
over an open network. 

United States Patent No. 6,356,878 to Walker et al., which is cited to show a conditional 
purchase offer buyer agency system. 

United States Patent No. 5,51 1,121 to Yacobi, which is cited to show a unique electronic 
cash system that protects the privacy of users. 

United States Patent No. 5, 557,518 to Rosen, which is cited to show a system for open 
electronic commerce having a customer trusted agent. 

67. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian La Forgia whose telephone number is (703) 305-7704. 
The examiner can normally be reached on Monday thru Thursday 7-5. 
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68. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (703) 305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

69. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Christian LaForgia 
Patent Examiner 
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